Today the Information Security Arena has been shaken by two separate, although similar, events: IBM and McAfee, two giants in this troubled market, have separately decided to make a decisive move into the Security Information And Event Management (SIEM) market by acquiring two privately held leading companies in this sector.

Although part of different tactics, the two moves follow, in my opinion, the same strategy which aims to build a unified and self-consistent security model: a complete security framework must not only provide information but also the intelligence to manage it, Information is power and Security is no exception to this rule.

But in order to be a real power, information must be structured and here comes the key point. Both vendors are leading providers of Network and Host Intrusion Prevention Solutions, heritage of the acquisions of ISS by IBM and Intrushield by McAfee and have hence the ability to capture security events from endpoints and networks: definitively they have the ability to provide the information, but they miss the adequate intelligence to correlate and manage it in order to make it structured.

This is completely true for McAfee that, (at least until today) lacked a SIEM solution in its portfolio and needed to rely on the SIA Certified SIEM Partner (Of course NitroSecurity was certified as a Sales Teaming Partner, the higher level). But in part this is also true for IBM that, despite the Micromuse acquisition and its troubled integration with Tivoli, was never able to became a credible player in this market, confined at the boundaries of the various (magic) quadrants.

Now they can make a decisive change to their positioning and also leverage a powerful trojan horse (the Information Management) to push their technologies to conquer new customers and market segments.

Is maybe a coincidence that another leader provider of SIEM solutions (ArcSight) is part of a company (HP) which also has in its portfolio Tipping Point (as part of the 3Com acquisition) a leader provider of Network IPS?

Event detection and event correlations (and management) are converging in the new Unified Security Model, general SIEM vendors are advised…